<?php

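  // Entry point for the TOPS login page.
  //
  // Authenticated sessions get the three-frame application shell; everyone
  // else gets the login form and, on POST, credential validation through
  // validateStaff() (defined outside this file, presumably ALstaff.php).
  // $header, $body and $footer are not assigned here (presumably config.php).
  session_start();
  include "config.php";
  include "ALstaff.php";

  if(isset($_SESSION["user"]))
  {
    // Already authenticated: render the frameset shell.
    include "$header";
?>

<FRAMESET rows="120px, *" frameborder="0">
	<FRAME src="top.php" name="topbanner" style="border-bottom: double #00005b" noresize="noresize">
	<FRAMESET cols="330px, *" frameborder="0">
		<FRAME src="tabs.php" name="tabs" style="border-right:2px solid #00005b" noresize="noresize">
		<FRAME src="main.php" name="main" noresize="noresize">
	</FRAMESET>
</FRAMESET>

<noframes></noframes>

<?php

    include "$footer";
  }
  else
  {
    include "$header";
    include "$body";

    if (isset($_POST["login"]))
    {
      // Accept only plain strings. A missing field or an array-valued field
      // (user[]=...) is treated as empty instead of raising a notice or being
      // passed on to validateStaff().
      $user = (isset($_POST["user"]) && is_string($_POST["user"])) ? $_POST["user"] : "";
      $password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";

      if(!isset($_SESSION["attempts"]))
      {
        $_SESSION["attempts"] = 0;
      }

      // empty() also rejects the literal string "0", as the original check did.
      if(empty($user) || empty($password))
      {
        echo "<SCRIPT language='Javascript'>";
        echo "  alert('You must enter your staff number and password.');";
        echo "</SCRIPT>";
        showLoginForm();

        // The staff number is request data and is written into a <script>
        // block, so it must be encoded for a JavaScript string context.
        // json_encode() with the HEX flags emits a quoted literal in which
        // <, >, &, ' and " are \uXXXX escapes, so the value cannot close the
        // string or the script element.
        $userJs = json_encode($user, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        if($userJs === false)
        {
          // Not valid UTF-8: re-fill nothing rather than emit broken script.
          $userJs = '""';
        }
        echo "<SCRIPT language='Javascript'>";
        echo "  login.user.value=" . $userJs . ";";
        echo "</SCRIPT>";
      }
      else if(!validateStaff($user, $password))
      {
        // NOTE(review): this counter lives in the session, so it is reset
        // whenever the client discards its session cookie, and it is set back
        // to 0 after the third failure. It changes which page is shown; it
        // does not throttle or lock anything. Real limiting needs a
        // server-side counter keyed on the account and/or source address.
        $_SESSION["attempts"] += 1;
        if($_SESSION["attempts"] == 3)
        {
          $_SESSION["attempts"] = 0;
          showErrorMsg();
        }
        else
        {
          showLoginForm();
        }
      }
      else
      {
        unset($_SESSION["attempts"]);

        // Issue a fresh session id at the privilege change so an id that was
        // known before login does not become an authenticated one (session
        // fixation). The new id travels in a Set-Cookie header, so this can
        // only happen while headers are still unsent.
        // NOTE(review): $header and $body are included above; without output
        // buffering the headers are already sent here and the id is NOT
        // rotated. Moving authentication ahead of the first include would make
        // the rotation unconditional.
        if(!headers_sent())
        {
          session_regenerate_id(true);
        }

        $_SESSION["user"] = $user;

        // Look the department up once and map the known codes to labels.
        // Any other code leaves userDep unset, as before.
        $depNo = findDepNo($_SESSION["user"]);
        if($depNo == "30")
          $_SESSION["userDep"] = "Mail Order";
        else if($depNo == "31")
          $_SESSION["userDep"] = "Telesales";

        // Page output has already started, so the redirect is done client-side.
        echo "<SCRIPT language='Javascript'>";
        echo "  window.location.href = 'index.php';";
        echo "</SCRIPT>";
      }
    }
    else
    {
      showLoginForm();
    }
    include "$footer";
  }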
 
  /**
   * Writes the TOPS login form straight to the response.
   *
   * The form is named "login" and POSTs back to the current URL (empty
   * action) with the fields "user", "password" and the submit button "login".
   *
   * The markup ends with closing CENTER and BODY tags that are not opened in
   * this function; presumably the $body include opens them (confirm).
   *
   * NOTE(review): the form carries no anti-CSRF token, so a login request can
   * be submitted from another origin. A per-session token checked on POST
   * would close that gap.
   */
  function showLoginForm()
  {
?>

<span class="title">TOPS Login</span>
<p>
<b>Authorised Jones Bros staff only</b>

<p>
&nbsp;
</p>

<FORM name="login" action="" method="post">
<TABLE class="loginForm" cellpadding="5" cellspacing="5">
  <TR>
    <TD class="loginField">
      Staff No.
    </TD>
    <TD class="loginInput">
      <input type="text" class="login" name="user" />
    </TD>
  </TR>
  <TR>
    <TD class="loginField">
      Password
    </TD>
    <TD class="loginInput">
      <input type="password" class="login" name="password" />
    </TD>
  </TR>
</TABLE>
<p>
<input class="submit_off" type="submit" value="Login" name="login" onmouseover="className='submit_on'" onmouseout="className='submit_off'" />
</FORM>

</CENTER>
</BODY>

<?php
  }

  /**
   * Writes the "AUTHORISATION FAILED!" notice straight to the response.
   *
   * The only control is a POST form named "failed" with a submit button named
   * "ok" that posts back to the current URL. The page script reacts only to a
   * "login" field, so pressing OK re-displays the login form.
   *
   * The message is generic and does not say which credential was wrong.
   */
  function showErrorMsg()
  {

?>

<span class="title">TOPS Login</span>
<p>
<b>Authorised Jones Bros staff only</b>

<p>

<b>AUTHORISATION FAILED!</b>

<p>

<FORM name="failed" action="" method="post">
<input class="submit_off" type="submit" value="OK" name="ok" onmouseover="className='submit_on'" onmouseout="className='submit_off'" />
</FORM>

<?php

  }

?>